REvil is back, a new ransomware steals all your data

After causing immense havoc in the digital sphere last year, hacker group REvil is making a quiet but not unnoticed comeback. Indeed, a new ransomware currently infecting PCs en masse looks like the one that raged in 2021.

Do you remember REvil? It was difficult in 2021 to miss this particularly prolific group of hackers. While recent months have been marked by repeated attacks by LAPSU$, last summer saw a series of large-scale operations by Russian hackers. Their biggest feat is of course the Kaseya hack, the biggest cyberattack in the history of the Internet. But they are also behind the massive distribution of their eponymous ransomware, which has claimed many victims.

REvil was thought to have disappeared after being dismantled by the Russian authorities. Negotiations were then to take place with the United States concerning the conviction of its members, but in the meantime the war in Ukraine broke out and cut short the discussions between the two powers. Some time later, the REvil infrastructure again showed signs of activity. After investigation, it turns out that this is in no way a coincidence of timing.

REvil deploys new, even more dangerous ransomware

At first glance, REvil’s TOR site, to which the ransomware redirects after encrypting its victim’s data, has nothing to do with the previous one. Nevertheless, a sample of the malware analyzed by experts reveals that the attack is indeed coordinated by the hacker group. While other hackers using REvil only distribute a patched version, this more recent sample points to direct access to the collective’s source code.

There are, however, some notable changes. In particular, this new version adds a configuration option that makes it possible to target a victim very precisely, which avoids encrypting the data of a PC by mistake. Additionally, the message displayed by the ransomware once executed begins with “Welcome again”, which clearly indicates that the hackers are not making their first attempt.

Source: Bleeping Computer
